Loopback addresses should not be routable

Bug #1834012 reported by Kobi Samoray on 2019-06-24
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Kobi Samoray

Bug Description

Neutron route validations should fail creation of routes for loopback CIDR 127.x

Kobi Samoray (ksamoray) on 2019-06-24
Changed in neutron:
assignee: nobody → Kobi Samoray (ksamoray)
Kobi Samoray (ksamoray) wrote :

e.g the following should fail:
openstack router set --route destination=,gateway= x

Fix proposed to branch: master
Review: https://review.opendev.org/667070

Changed in neutron:
status: New → In Progress
Changed in neutron:
status: In Progress → Triaged
importance: Undecided → Low
Bence Romsics (bence-romsics) wrote :

Thank you for your bug report!

This is clearly noise in the API we should not allow. On the other hand did you observe any unexpected behavior in the actual routing? In case you did, what is your backend?

Kobi Samoray (ksamoray) wrote :

@Bence this has been raised by a customer who uses NSX backend.
NSX transaction fails obviously but Neutron should block it before it reaches NSX.

Changed in neutron:
status: Triaged → In Progress
Bence Romsics (bence-romsics) wrote :

@Kobi: Thanks! In this case the patch you already uploaded is the only one needed here I think.

Reviewed: https://review.opendev.org/667070
Committed: https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=8417717411894c2a2b315e21495245a83c23dc87
Submitter: Zuul
Branch: master

commit 8417717411894c2a2b315e21495245a83c23dc87
Author: Kobi Samoray <email address hidden>
Date: Mon Jun 24 14:52:29 2019 +0300

    Loopback address routing should be invalid

    Host route validators should reject loopback CIDRs.

    Change-Id: Ifa545242224bdc80a934b529e44b25b4492d4e0b
    CLoses-bug: 1834012

Changed in neutron:
status: In Progress → Fix Released

This issue was fixed in the openstack/neutron-lib 1.28.0 release.

Change abandoned by Kobi Samoray (<email address hidden>) on branch: stable/stein
Review: https://review.opendev.org/668390

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers